论文部分内容阅读
针对身份认证中可能出现的数字身份被冒用问题,提出了一种强双因子身份认证方案,将生成的数字证书及私钥存储于用户智能卡中,再使用fuzzy vault保护智能卡的PIN。通过组合2种不同条件来证明一个人的身份,安全性有了明显提高。同时为了减轻智能卡的计算负担,引入秘密共享思想,当且仅当用户智能卡和指纹服务器中信息都可得时,才释放其中绑定的智能卡PIN。该方案进一步完善了PKI的安全认证,适用于高端用户或有特殊需要的高安全度客户的身份认证。
Aiming at the problem of possible digital identity being used in identity authentication, a strong two-factor identity authentication scheme is proposed. The generated digital certificate and private key are stored in the user’s smart card, and the fuzzy vault is used to protect the PIN of the smart card. By combining two different conditions to prove one’s identity, safety has been significantly improved. At the same time, in order to reduce the computational burden on the smart card, a secret sharing idea is introduced to release the smart card PIN bundled therein only if the information in both the user smart card and the fingerprint server is available. The program further improves the security certification of PKI and is applicable to the authentication of high-end users or highly-security customers with special needs.